Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

Space precludes documenting all of the bug fixes and enhancements in this
advisory. See the following Release Notes documentation, which will be
updated shortly for this release, for details about these changes:

All OpenShift Container Platform 3 users are advised to upgrade to these
updated packages and images.

Security Fix(es):

* An attacker with knowledge of the given name used to authenticate and
access Elasticsearch can later access it without the token, bypassing
authentication. This attack also requires that the Elasticsearch be
configured with an external route, and the data accessed is limited to the
indices. (CVE-2017-12195)

This issue was discovered by Rich Megginson (Red Hat).

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to: